nadeemshafi9 Posted April 25, 2007

Hello guys, " are getting in my way. When I create a user in my application, I can't delete him because " get in the way, because I pass the user id through the querystring GET and it obviously affects the SQL string. I tried replacing them, char(32) as they're called, but no luck. Anyway, I wanna stop them getting in. I want to filter out " from a string. I tried using count char and stuff like that but I just can't seem to detect them. I know they're char(32) because I printed them out. Can someone show me how to, for instance, just redirect if it's found in a string? I know how to redirect, just not how to find ". Thanks very much for any help, it is a bit of an emergency.

Link to comment: https://forums.phpfreaks.com/topic/48606-are-getting-in-the-way/
trq Posted April 25, 2007

It's very hard to understand your question exactly (English not your first language?) but, prior to storing any user's inputted data in the database, run it through mysql_real_escape_string. This should fix your issue.
nadeemshafi9 (Author) Posted April 25, 2007

OK, I seem to be getting somewhere with some patches but I still can't filter it out. I can now delete such things, as I started adding mysql_real_escape_string( to all my queries for injection protection.
nadeemshafi9 (Author) Posted April 25, 2007

> It's very hard to understand your question exactly (English not your first language?) but, prior to storing any user's inputted data in the database, run it through mysql_real_escape_string. This should fix your issue.

English is my first language, but I had a bottle of vodka last night and have been doing my final year project for 6 days and 6 nights and I am a little bit woozy.
trq Posted April 25, 2007

> English is my first language, but I had a bottle of vodka last night and have been doing my final year project for 6 days and 6 nights and I am a little bit woozy.

Great. Ever thought about giving it a miss until you sober up?
nadeemshafi9 (Author) Posted April 25, 2007

My life's work will come to an end after this one so I can't screw it up. It's got AJAX multiple order processing and realtime updates, AJAX fuzzy logic mouseover-the-item based recordings and realtime advert updating based on your mouse over the items and how long for, etc. It's pretty well documented and I also just finished an ADA fire alarm monitoring system. It's these damn small things that get me, man, at the last moment. Looks like I'm getting somewhere. Please stay tuned as I may need some expert advice. Thanks a lot, man.
nadeemshafi9 (Author) Posted April 25, 2007

OK, things are getting better but I'm trying to delete a user id called ' OR ''=' . Here is the SQL:

    $sql = "DELETE FROM users WHERE userid='".mysql_real_escape_string($userid)."';";

It will go in and execute but won't find the id. Any ideas? Thanks again.
nadeemshafi9 (Author) Posted April 25, 2007

Oh, I realise it's adding the slashes now.
nadeemshafi9 (Author) Posted April 25, 2007

How can I stop " and ' getting in in the first place? I did it before, just can't remember.
nadeemshafi9 (Author) Posted April 25, 2007

I cracked it: JavaScript form validation.

    <script language="JavaScript" type="text/JavaScript">
    // Returns false (after alerting) when the field is empty or contains a double quote.
    function validate_required(field, alerttxt) {
        var value = field.value;
        // lastIndexOf returns -1 when the character is absent, so compare against -1.
        if (value == null || value == "" || value.lastIndexOf("\"") !== -1) {
            alert(alerttxt);
            return false;
        }
        return true;
    }

    // Form onsubmit handler: checks each field and focuses the first one that fails.
    function validate_form(thisform) {
        if (!validate_required(thisform.userid, "UserID contains error")) {
            thisform.userid.focus();
            return false;
        }
        if (!validate_required(thisform.email, "Email contains error")) {
            thisform.email.focus();
            return false;
        }
        if (!validate_required(thisform.password, "Password contains error")) {
            thisform.password.focus();
            return false;
        }
        return true;
    }
    </script>
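Added example, not part of the thread or any poster's code: the thread's DELETE run against the user id `' OR ''='`, once with the value concatenated into the SQL text and once as a bound parameter, which matches the id exactly with no escaping, added slashes, or quote filtering in the form. It uses PDO with an in-memory SQLite database and constructed rows so it runs offline (the thread's application used MySQL); the function names and table layout are assumptions.

```php
<?php
declare(strict_types=1);
// Added example with constructed data; needs the pdo_sqlite extension.
// The prepare/execute calls are the same with a MySQL DSN.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, email TEXT)');
    $insert = $db->prepare('INSERT INTO users (userid, email) VALUES (?, ?)');
    // Constructed sample rows, including the user id quoted in the thread.
    foreach (['alice', 'bob', "' OR ''='", 'say "hi"'] as $id) {
        $insert->execute([$id, 'user@example.test']);
    }
    return $db;
}

// Deliberately unsafe: the value becomes part of the SQL text, so its
// quotes change the WHERE clause instead of being compared as data.
function deleteUserConcatenated(PDO $db, string $userid): int
{
    return $db->exec("DELETE FROM users WHERE userid='" . $userid . "'");
}

// The value travels as a bound parameter and is never parsed as SQL,
// so quotes of either kind are just characters in the id.
function deleteUserPrepared(PDO $db, string $userid): int
{
    $stmt = $db->prepare('DELETE FROM users WHERE userid = ?');
    $stmt->execute([$userid]);
    return $stmt->rowCount();
}

$tricky = "' OR ''='";

// Fresh database for each variant so the row counts are comparable.
$db = makeDb();
printf("concatenated: %d row(s) deleted\n", deleteUserConcatenated($db, $tricky));

$db = makeDb();
printf("prepared:     %d row(s) deleted\n", deleteUserPrepared($db, $tricky));
printf("prepared:     %d row(s) deleted\n", deleteUserPrepared($db, 'say "hi"'));
```

The browser-side check can stay as a usability hint, but the server receives whatever the query string contains, so the bound parameter is what protects the query.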
This topic is now archived and is closed to further replies.